Information Security Systems [ISO/IEC 27001]

ASACERT certifies Information Security Management Systems for the purpose of providing confidentiality, integrity and availability for all information circulating and present in any company. ASACERT certifies Information Security Systems according to the standard ISO / IEC 27001 and consistently with the standards for quality management systems, environment and safety at work.

ISO 27001 is the certification standard to which the organization should refer to implement an Information Security Management System that can be certified by an independent certification body. The standard is applicable to all private and public companies.

Since information is an asset that adds value to the company, and now most of the information is stored electronically, each organization must be able to guarantee the security of their data, in a context where the risks caused by breaches of computer security systems are constantly increasing. The aim of ISO 27001 standard is exactly to protect data and information from threats of all kinds, in order to ensure the integrity, confidentiality and availability, and give the requirements to adopt an information security management system (ISMS) for effective management of sensitive corporate data.

The structure of ISO/IEC 27001 is consistent with that of the Quality Management System ISO 9001 and Risk Management, based on the process, structured in security policy, identification, risk analysis, evaluation and treatment of risks, review and reassessment of the risks, PDCA model, use of procedures and tools such as internal audits, non-conformity, corrective and preventive actions, monitoring, continuous improvement.

Compliance with ISO 27001 does not relieve the organization from complying with the minimum safety measures and the production of the documentation required by the Privacy Law.

The main difference between the Privacy Law and ISO 27001 standard is that the Privacy Law protects sensitive personal data, while the ISO 27001 is also interested in business data that must be safeguarded for the interest of the organization.

ASACERT INFO

“The development of ASACERT isn’t just based on budget figures but has its roots in the enhancement and growth of staff. When investment in resources and development exceeds fixed capital investment, it means that your business stops being a place that merely produces and becomes a place that thinks. This allows us to offer substantial added value and a close working relationship with your business.“